Squid -v: Squid Cache: Version 3.0.STABLE1 configure options: '-prefix=/usr/local/squid' '-exec-prefix=/usr/local/squid' '-enable-delay-pools' '-enable-cache-digests' '-enable-poll' '-disable-ident-lookups' '-enable-truncate' '-enable-removal-policies' '--enable-follow-x-forwarded-for' '--enable-ssl' '--enable-large-cache-file' '--enable-snmp' '--enable-auth=basic,ntlm' '--enable-basic-auth-helpers=LDAP,MSNT,multi-domain-NTLM' '--enable-digest-auth-helpers=password' '--enable-external-acl-helpers=ip_user,ldap_group' '--enable-removal-policies=heap,lru' '--enable-x-accelerator-vary' '--enable-err-languages=Spanish' 'LDFLAGS=-L/usr/local/BerkeleyDB.4.2/lib' 2007/12/18, Nick Duda <nduda@xxxxxxxxxxxxxx>: > Whats your "squid -v" > > ________________________________ > > From: Leandro Ferrrari [mailto:talsoft@xxxxxxxxx] > Sent: Tue 12/18/2007 5:43 AM > To: Nick Duda > Cc: Amos Jeffries; squid-users@xxxxxxxxxxxxxxx > Subject: Re: Squid with auth NTLM > > > > Hi, yes the command wbinfo -g and -u working perfectly. My configuration is: > > krb5.conf: > ... > [libdefaults] > default_realm = NEXTIT.LOCAL > dns_lookup_realm = yes > dns_lookup_kdc = yes > > [realms] > NEXTIT.LOCAL = { > kdc = vm-ws2003.nextit.local:88 > admin_server = vm-ws2003.nextit.local:749 > default_domain = NEXTIT > } > > [domain_realm] > .nextit.local = NEXTIT.LOCAL > nextit.local = NEXTIT.LOCAL > ... > > SMB.conf: > > [global] > workgroup = NEXTIT > server string = Samba Server > password server = NameOfServer > encrypt passwords = yes > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > realm = NEXTIT.LOCAL > idmap uid = 10000-20000 > idmap gid = 10000-20000 > template shell = /bin/false > winbind enum users = yes > winbind enum groups = yes > winbind use default domain = yes > client ntlmv2 auth = yes > > > Server Windows Active Directory is Windows 2003 Server > Client Windows is Windows XP > > Sincerely > Leandro Ferrari > > > > > 2007/12/17, Nick Duda <nduda@xxxxxxxxxxxxxx>: > > Have you joined your box to the domain? What is your krb5.conf file? What is your smb.conf file? What is the status of something like wbinfo -g or -u ? > > > > I would troubleshoot your domain connectivity before you worry about squid. > > > > > > -----Original Message----- > > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] > > Sent: Mon 12/17/2007 7:33 PM > > To: Leandro Ferrrari > > Cc: squid-users@xxxxxxxxxxxxxxx > > Subject: Re: Squid with auth NTLM > > > > > I have configured squid 3.0 with NTLM, and this configuration in > > > squid.conf is: > > > > > > auth_param ntlm program /usr/local/bin/ntlm_auth > > > --helper-protocol=squid-2.5-ntlmssp > > > auth_param ntlm children 30 > > > auth_param ntlm max_challenge_lifetime 2 minutes > > > > > > auth_param basic program /usr/local/bin/ntlm_auth > > > --helper-protocol=squid-2.5-basic > > > auth_param basic children 5 > > > auth_param basic realm Squid proxy-caching web server > > > auth_param basic credentialsttl 2 hours > > > > > > When a test the ntlm auth, in the Explorer client with a user > > > authenticate in Domain Controller Windows 2003, the explorer or > > > firefox show popup of the basic auth. > > > How to use the ntlm auth with an user of the domain group without auth > > > basic? > > > > Remove the basic configuration to not use it. > > You NTLM is broken by the sound of it if its always falling back on basic. > > Although the login box does not necessarily mean basic is being used. It > > could just be that the browser has no working credentials for the user to > > login NTLM with. > > > > > > Amos > > > > > > > > >
